1 / 16

Data Corp Analysis

Data Corp Analysis. Casey Jackman. Evidence. Conclusion. Objectives.

tea
Download Presentation

Data Corp Analysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data Corp Analysis Casey Jackman

  2. Evidence

  3. Conclusion

  4. Objectives This analysis will provide detailed information about recovered evidence, display data (files and folders) deemed relevant to said case—including file name types and brief descriptions, and finally a conclusion of the findings.

  5. Approach To ensure that only relevant information is presented as evidence in this case, I will first strive to understand the policies of DataCorp, specifically what information would imply that a law, or company policy has been violated. I will then systematically filter through the provided disk images for files and/or directories that seem relevant to the previously mentioned policies.

  6. Floppy 1

  7. Floppy 2

  8. HD 1: Arty Snitch

  9. HD 2: Bart Smoot

  10. Notes.doc Blast, repartitioning didn’t work on this drive. I’ll just hide it deep. remember, password is secretstuff my pw:b4r7y1 pgp key: smo0tk3y

  11. Messaging History

  12. Analysis “…No employee shall participate in the installation and/or use of personal or open source software on Company computers.” The open source Python software, Picolo, was found to have been installed on Image 2 as well the Trending.py file that was discovered on floppy disk 1

  13. “…Accessing of database information by employees is prohibited unless required for job functions that are expressly authorized in job descriptions” Perl Scripts were discovered on Floppy Image 2, defaults.pl . This script had used Oratab function, indicating that a database had been accessed and data was retrieved. Evidence of OLE streams were also found. Other End User License Agreements were found on both images suggesting unnecessary software installations.

  14. Analysis "In no case shall employees use company resources to conduct personal business.” Chat histories were discovered on Image 1 with correspondence between Art and Bart. These conversations included brief descriptions of work machines being used to download non-work media. An attempt to send a Microsoft installer program, shreditpc.msi, was also found. ShreditPC most likely an application used to permanently destroy files.

  15. Analysis PGP (Pretty Good Pricy) was also found on both floppy disk and a Hard Disk images suggesting that files were encrypted on a disk at work. A self-incrementing text file was found deep in the the file directory with username and password credentials for PGP, Notes.txt . Simple Keyring files were also discovered a floppy disk, connecting the disk to the PGP installation on the client machine.

  16. Analysis Finally, it appears that data was being hidden in images using Steganography, a directory was found with this Steganography as the title and images were near the file with appended file extensions, masking the true file type. This file was encrypted with PGP.

More Related